diff options
author | Junio C Hamano <gitster@pobox.com> | 2008-11-05 11:35:53 -0800 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2008-11-05 11:35:53 -0800 |
commit | a1a846a19e854a3b3baff8f55c039846880a2635 (patch) | |
tree | 0d6aebb3626cbc4204a1ec455e3b2105b4733062 | |
parent | d95f91d9e48a88a39ac2de5bfddd9d33fd36435d (diff) | |
parent | 98b35e2c749614446b916230148d66857e8a09f3 (diff) | |
download | git-a1a846a19e854a3b3baff8f55c039846880a2635.tar.gz |
Merge branch 'ar/mksnpath'
* ar/mksnpath:
Use git_pathdup instead of xstrdup(git_path(...))
git_pathdup: returns xstrdup-ed copy of the formatted path
Fix potentially dangerous use of git_path in ref.c
Add git_snpath: a .git path formatting routine with output buffer
Fix potentially dangerous uses of mkpath and git_path
Fix potentially dangerous uses of mkpath and git_path
Fix mkpath abuse in dwim_ref and dwim_log of sha1_name.c
Add mksnpath which allows you to specify the output buffer
Conflicts:
builtin-revert.c
-rw-r--r-- | builtin-apply.c | 4 | ||||
-rw-r--r-- | builtin-config.c | 2 | ||||
-rw-r--r-- | builtin-for-each-ref.c | 6 | ||||
-rw-r--r-- | builtin-reflog.c | 4 | ||||
-rw-r--r-- | builtin-revert.c | 2 | ||||
-rw-r--r-- | builtin-tag.c | 2 | ||||
-rw-r--r-- | cache.h | 7 | ||||
-rw-r--r-- | config.c | 6 | ||||
-rw-r--r-- | environment.c | 2 | ||||
-rw-r--r-- | path.c | 54 | ||||
-rw-r--r-- | refs.c | 10 | ||||
-rw-r--r-- | rerere.c | 2 | ||||
-rw-r--r-- | server-info.c | 2 | ||||
-rw-r--r-- | sha1_name.c | 6 |
14 files changed, 88 insertions, 21 deletions
diff --git a/builtin-apply.c b/builtin-apply.c index cfd8fceb90..4c4d1e1774 100644 --- a/builtin-apply.c +++ b/builtin-apply.c @@ -2841,8 +2841,8 @@ static void create_one_file(char *path, unsigned mode, const char *buf, unsigned unsigned int nr = getpid(); for (;;) { - const char *newpath; - newpath = mkpath("%s~%u", path, nr); + char newpath[PATH_MAX]; + mksnpath(newpath, sizeof(newpath), "%s~%u", path, nr); if (!try_create_file(newpath, mode, buf, size)) { if (!rename(newpath, path)) return; diff --git a/builtin-config.c b/builtin-config.c index 91fdc4985d..f71016204b 100644 --- a/builtin-config.c +++ b/builtin-config.c @@ -84,7 +84,7 @@ static int get_value(const char* key_, const char* regex_) local = config_exclusive_filename; if (!local) { const char *home = getenv("HOME"); - local = repo_config = xstrdup(git_path("config")); + local = repo_config = git_pathdup("config"); if (git_config_global() && home) global = xstrdup(mkpath("%s/.gitconfig", home)); if (git_config_system()) diff --git a/builtin-for-each-ref.c b/builtin-for-each-ref.c index fa6c1ed752..e46b7adc97 100644 --- a/builtin-for-each-ref.c +++ b/builtin-for-each-ref.c @@ -620,14 +620,16 @@ static char *get_short_ref(struct refinfo *ref) for (j = 0; j < i; j++) { const char *rule = ref_rev_parse_rules[j]; unsigned char short_objectname[20]; + char refname[PATH_MAX]; /* * the short name is ambiguous, if it resolves * (with this previous rule) to a valid ref * read_ref() returns 0 on success */ - if (!read_ref(mkpath(rule, short_name_len, short_name), - short_objectname)) + mksnpath(refname, sizeof(refname), + rule, short_name_len, short_name); + if (!read_ref(refname, short_objectname)) break; } diff --git a/builtin-reflog.c b/builtin-reflog.c index 6b3667ef0e..d95f515f2e 100644 --- a/builtin-reflog.c +++ b/builtin-reflog.c @@ -277,11 +277,11 @@ static int expire_reflog(const char *ref, const unsigned char *sha1, int unused, lock = lock_any_ref_for_update(ref, sha1, 0); if (!lock) return error("cannot lock ref '%s'", ref); - log_file = xstrdup(git_path("logs/%s", ref)); + log_file = git_pathdup("logs/%s", ref); if (!file_exists(log_file)) goto finish; if (!cmd->dry_run) { - newlog_path = xstrdup(git_path("logs/%s.lock", ref)); + newlog_path = git_pathdup("logs/%s.lock", ref); cb.newlog = fopen(newlog_path, "w"); } diff --git a/builtin-revert.c b/builtin-revert.c index 7483a7a63b..4038b4118d 100644 --- a/builtin-revert.c +++ b/builtin-revert.c @@ -251,7 +251,7 @@ static int revert_or_cherry_pick(int argc, const char **argv) int i, index_fd, clean; char *oneline, *reencoded_message = NULL; const char *message, *encoding; - char *defmsg = xstrdup(git_path("MERGE_MSG")); + char *defmsg = git_pathdup("MERGE_MSG"); struct merge_options o; struct tree *result, *next_tree, *base_tree, *head_tree; static struct lock_file index_lock; diff --git a/builtin-tag.c b/builtin-tag.c index 1ff7b37162..84db156e63 100644 --- a/builtin-tag.c +++ b/builtin-tag.c @@ -283,7 +283,7 @@ static void create_tag(const unsigned char *object, const char *tag, int fd; /* write the template message before editing: */ - path = xstrdup(git_path("TAG_EDITMSG")); + path = git_pathdup("TAG_EDITMSG"); fd = open(path, O_CREAT | O_TRUNC | O_WRONLY, 0600); if (fd < 0) die("could not create file '%s': %s", @@ -495,6 +495,13 @@ extern int check_repository_format(void); #define DATA_CHANGED 0x0020 #define TYPE_CHANGED 0x0040 +extern char *mksnpath(char *buf, size_t n, const char *fmt, ...) + __attribute__((format (printf, 3, 4))); +extern char *git_snpath(char *buf, size_t n, const char *fmt, ...) + __attribute__((format (printf, 3, 4))); +extern char *git_pathdup(const char *fmt, ...) + __attribute__((format (printf, 1, 2))); + /* Return a statically allocated filename matching the sha1 signature */ extern char *mkpath(const char *fmt, ...) __attribute__((format (printf, 1, 2))); extern char *git_path(const char *fmt, ...) __attribute__((format (printf, 1, 2))); @@ -649,7 +649,7 @@ int git_config(config_fn_t fn, void *data) free(user_config); } - repo_config = xstrdup(git_path("config")); + repo_config = git_pathdup("config"); ret += git_config_from_file(fn, repo_config, data); free(repo_config); return ret; @@ -889,7 +889,7 @@ int git_config_set_multivar(const char* key, const char* value, if (config_exclusive_filename) config_filename = xstrdup(config_exclusive_filename); else - config_filename = xstrdup(git_path("config")); + config_filename = git_pathdup("config"); /* * Since "key" actually contains the section name and the real @@ -1149,7 +1149,7 @@ int git_config_rename_section(const char *old_name, const char *new_name) if (config_exclusive_filename) config_filename = xstrdup(config_exclusive_filename); else - config_filename = xstrdup(git_path("config")); + config_filename = git_pathdup("config"); out_fd = hold_lock_file_for_update(lock, config_filename, 0); if (out_fd < 0) { ret = error("could not lock config file %s", config_filename); diff --git a/environment.c b/environment.c index 0693cd9a42..bf93a598d0 100644 --- a/environment.c +++ b/environment.c @@ -71,7 +71,7 @@ static void setup_git_env(void) } git_graft_file = getenv(GRAFT_ENVIRONMENT); if (!git_graft_file) - git_graft_file = xstrdup(git_path("info/grafts")); + git_graft_file = git_pathdup("info/grafts"); } int is_bare_repository(void) @@ -32,6 +32,60 @@ static char *cleanup_path(char *path) return path; } +char *mksnpath(char *buf, size_t n, const char *fmt, ...) +{ + va_list args; + unsigned len; + + va_start(args, fmt); + len = vsnprintf(buf, n, fmt, args); + va_end(args); + if (len >= n) { + snprintf(buf, n, bad_path); + return buf; + } + return cleanup_path(buf); +} + +static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args) +{ + const char *git_dir = get_git_dir(); + size_t len; + + len = strlen(git_dir); + if (n < len + 1) + goto bad; + memcpy(buf, git_dir, len); + if (len && !is_dir_sep(git_dir[len-1])) + buf[len++] = '/'; + len += vsnprintf(buf + len, n - len, fmt, args); + if (len >= n) + goto bad; + return cleanup_path(buf); +bad: + snprintf(buf, n, bad_path); + return buf; +} + +char *git_snpath(char *buf, size_t n, const char *fmt, ...) +{ + va_list args; + va_start(args, fmt); + (void)git_vsnpath(buf, n, fmt, args); + va_end(args); + return buf; +} + +char *git_pathdup(const char *fmt, ...) +{ + char path[PATH_MAX]; + va_list args; + va_start(args, fmt); + (void)git_vsnpath(path, sizeof(path), fmt, args); + va_end(args); + return xstrdup(path); +} + char *mkpath(const char *fmt, ...) { va_list args; @@ -413,7 +413,7 @@ const char *resolve_ref(const char *ref, unsigned char *sha1, int reading, int * *flag = 0; for (;;) { - const char *path = git_path("%s", ref); + char path[PATH_MAX]; struct stat st; char *buf; int fd; @@ -421,6 +421,7 @@ const char *resolve_ref(const char *ref, unsigned char *sha1, int reading, int * if (--depth < 0) return NULL; + git_snpath(path, sizeof(path), "%s", ref); /* Special case: non-existing file. */ if (lstat(path, &st) < 0) { struct ref_list *list = get_packed_refs(); @@ -1142,13 +1143,14 @@ static int log_ref_write(const char *ref_name, const unsigned char *old_sha1, int logfd, written, oflags = O_APPEND | O_WRONLY; unsigned maxlen, len; int msglen; - char *log_file, *logrec; + char log_file[PATH_MAX]; + char *logrec; const char *committer; if (log_all_ref_updates < 0) log_all_ref_updates = !is_bare_repository(); - log_file = git_path("logs/%s", ref_name); + git_snpath(log_file, sizeof(log_file), "logs/%s", ref_name); if (log_all_ref_updates && (!prefixcmp(ref_name, "refs/heads/") || @@ -1277,7 +1279,7 @@ int create_symref(const char *ref_target, const char *refs_heads_master, const char *lockpath; char ref[1000]; int fd, len, written; - char *git_HEAD = xstrdup(git_path("%s", ref_target)); + char *git_HEAD = git_pathdup("%s", ref_target); unsigned char old_sha1[20], new_sha1[20]; if (logmsg && read_ref(ref_target, old_sha1)) @@ -351,7 +351,7 @@ int setup_rerere(struct string_list *merge_rr) if (!is_rerere_enabled()) return -1; - merge_rr_path = xstrdup(git_path("MERGE_RR")); + merge_rr_path = git_pathdup("MERGE_RR"); fd = hold_lock_file_for_update(&write_lock, merge_rr_path, LOCK_DIE_ON_ERROR); read_rr(merge_rr); diff --git a/server-info.c b/server-info.c index c1c073b2f0..66b0d9d878 100644 --- a/server-info.c +++ b/server-info.c @@ -25,7 +25,7 @@ static int add_info_ref(const char *path, const unsigned char *sha1, int flag, v static int update_info_refs(int force) { - char *path0 = xstrdup(git_path("info/refs")); + char *path0 = git_pathdup("info/refs"); int len = strlen(path0); char *path1 = xmalloc(len + 2); diff --git a/sha1_name.c b/sha1_name.c index 41b680915d..159c2ab84f 100644 --- a/sha1_name.c +++ b/sha1_name.c @@ -245,11 +245,13 @@ int dwim_ref(const char *str, int len, unsigned char *sha1, char **ref) *ref = NULL; for (p = ref_rev_parse_rules; *p; p++) { + char fullref[PATH_MAX]; unsigned char sha1_from_ref[20]; unsigned char *this_result; this_result = refs_found ? sha1_from_ref : sha1; - r = resolve_ref(mkpath(*p, len, str), this_result, 1, NULL); + mksnpath(fullref, sizeof(fullref), *p, len, str); + r = resolve_ref(fullref, this_result, 1, NULL); if (r) { if (!refs_found++) *ref = xstrdup(r); @@ -272,7 +274,7 @@ int dwim_log(const char *str, int len, unsigned char *sha1, char **log) char path[PATH_MAX]; const char *ref, *it; - strcpy(path, mkpath(*p, len, str)); + mksnpath(path, sizeof(path), *p, len, str); ref = resolve_ref(path, hash, 1, NULL); if (!ref) continue; |